From 0b02bc13079c89e9255c4f827959de959fd3b319 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Wed, 13 Feb 2019 08:10:38 +0000 Subject: Restore lintian overrides for hardening false-positives. --- debian/changelog | 1 + debian/libpam-modules.lintian-overrides | 13 +++++++++++++ 2 files changed, 14 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 79a96fed..d042825d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,7 @@ pam (1.3.1-3) UNRELEASED; urgency=medium * debian/source.lintian-overrides: update for the current quilt warnings. * debian/control: drop redundant priority fields. * Standards-Version 4.3.0. + * Restore lintian overrides for hardening false-positives. -- Steve Langasek Wed, 13 Feb 2019 05:57:21 +0000 diff --git a/debian/libpam-modules.lintian-overrides b/debian/libpam-modules.lintian-overrides index 286eae4c..ad808cfa 100644 --- a/debian/libpam-modules.lintian-overrides +++ b/debian/libpam-modules.lintian-overrides @@ -1,2 +1,15 @@ +# These are false positives because they don't use any functions that need +# fortifying. Since we know we have hardening turned on globally, suppress +# them. If we ever see this warning again for *other* modules, then we know +# there's a real problem. +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_echo.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_filter.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_group.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_limits.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_shells.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally2.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_time.so +libpam-modules: hardening-no-fortify-functions lib/*/security/pam_wheel.so # pam_deny.so does not use any symbol from libc. libpam-modules: shared-lib-without-dependency-information lib/*/security/pam_deny.so -- cgit v1.2.3